DETAILED ACTION

1. This Office Action is responding to the filing of the Application received on
07/08/2003. 

2. Claims 1-25 are pending. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1-10, 12-18, 20, 22-25 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Baker, hereinafter "7,035,898". 

5. As per claim 1: 

Baker discloses "A industrial network, comprising: a local area network" in (Col 2 
lines 15-32); and 

"a security policy implementation point (SPIP) configured to apply policy in the 
control of network access to at least one factory machine" in (Col 5 lines 12-35). 
As per claim 2:

Baker discloses "The industrial network of claim 1, further comprising a
programmable logic controller connected to the at least one factory machine, and 
wherein the SPIP is integrated with the programmable logic controller" in (Col 5 lines 
12-35). 

6. As per claim 3: 

Baker discloses "The industrial network of claim 1, further comprising a 
programmable logic controller connected to the at least one factory machine, and 
wherein the SPIP interfaces between the local area network and the programmable 
logic controller" in (Col 5 lines 12-35). 

7. As per claim 4: 

Baker discloses "The industrial network of claim 3, wherein the local area 
network is an Ethernet network, wherein the SPIP is configured to communicate with 
network devices on the local area network over the Ethernet network, and wherein the 
SPIP is configured to communicate with the programmable logic controller using a 
protocol selected from at least one of Profibus, Controller Area Network, RS-232, 
RS-422, and RS-485" in (Col 2 lines 22-25). 
8. As per claim 5:

Baker discloses "The industrial network of claim 1, wherein the local area 
network includes at least one Ethernet switch/router, and wherein the SPIP is included 
as a blade in the Ethernet switch/router" in (Col 2 lines 30-32). 

9. As per claim 6: 

Baker discloses "The industrial network of claim 5, wherein the SPIP is 
configured to implement security policy to control network access to at least one PLC 
connected to the Ethernet switch/router through the SPIP" in (Col 2 lines 30-32, and Col 
6 lines 1-5). 

10. As per claim 7: 

Baker discloses "The industrial network of claim 6, wherein the subnet includes 
at least one programmable logic controller is configured to control the operation of at 
least one of said factory machines" in (Col 2 lines 15-32). 

11. As per claim 8: 

Baker discloses "The industrial network of claim 1, wherein the SPIP comprises
an authentication module and an authorization module to control network access to said 
factory machine" in (Col 5 lines 15-36). 

12. As per claim 9: 

Baker discloses "The industrial network of claim 1, wherein the industrial network
is an un-trusted network configured to interconnect network services with a plurality of
SPIPs associated with factory machines, and wherein the network services are
configured to enable operation of the factory machines to be altered through the 
industrial network" in (Col 5 lines 15-36). 

13. As per claim 10: 

Baker discloses "The industrial network of claim 1, wherein the SPIP includes a
local policy configured to enable the SPIP to enforce network policy in connection with 
local accesses" in (Col 5 lines 15-36, and Col 5 line 65 to Col 6 line 6). 

14. As per claim 12: 

Baker discloses "The industrial network of claim 1, wherein the SPIP comprises a
network policy configured to enable the SPIP to enforce network policy by interfacing 
with network services" in (Col 5 lines 10-37). 

15. As per claim 13: 

Baker discloses "The industrial network of claim 12, wherein the SPIP comprises 
a local authentication policy and information associated with authorized users and 
indicative of authorization policy information associated with said at least one factory 
machine" in (Col 5 lines 10-37). 

16. As per claim 14: 

Baker discloses "A Security Policy Implementation Point (SPIP) for use in an 
industrial network, comprising: 
a local path configured to implement a local access policy" in (Col 5 lines 10-37);

and 

"a network path configured to secure network paths [Web access over the 
network to the machine to configure PLC. The path needs authentication before get 
accessed] on the industrial network" in (Col 5 lines 10-37). 

17. As per claim 15: 

Baker discloses "The SPIP of claim 15, further comprising programmable logic 
controller circuitry configured to function to control at least one factory machine" in (Col 
5 lines 10-37).

18. As per claim 16: 

Baker discloses "The SPIP of claim 15, wherein the local access policy includes 
enabling access to an associated factory machine to enable operation of the factory 
machine to be altered without verification of authorization and authentication of an user 
seeking to alter the operation" in (Col 5 lines 25-37). 

19. As per claim 17: 

Baker discloses "The SPIP of claim 16, wherein the local path further comprises 
an accounting module configured to record accesses to at least one of the SPIP, an 
associated programmable logic controller, and an associated factory machine" in (Col 2 
lines 15-32). 
20. As per claim 18:

Baker discloses "The SPIP of claim 15, wherein the local path comprises an 
authentication module configured to authenticate the identity of an individual seeking to 
access a device through the SPIP, and an authorization module configured to assess 
an authorization associated with the individual to ascertain whether the individual is 
authorized to access the device" in (Col 5 lines 10-37). 

21. As per claim 20: 

Baker discloses "The SPIP of claim 18, wherein the authentication and 
authorization modules maintain a local copy of authorized users and authentication 
policy to allow local access to the SPIP" in (Col 5 lines 20-25). 

22. As per claim 22: 

Baker discloses "The SPIP of claim 15, further comprising network ports 
configured to interface with the industrial network, and output ports configured to 
interface with a programmable logic controller. 

23. As per claim 23: 

Baker discloses "The SPIP of claim 22, wherein the network ports are configured 
to communicate on the industrial network utilizing an Ethernet protocol; and wherein the 
output ports are configured to communicate with the programmable logic controller 
using a protocol understandable by the programmable logic controller" in (Col 3 lines 
20-30). 
24. As per claim 24:

Baker discloses "The SPIP of claim 15, further comprising network ports 
configured to interface with the industrial network, control logic configured to implement 
a control program associated with a programmable logic controller, and interface ports 
configured to interface with a factory machine" in (Col 3 lines 20-30). 

25. As per claim 25: 

Baker discloses "The SPIP of claim 24, wherein the interface ports comprise at 
least one input port configured to receive input from an environmental sensor, and at 
least one output port configured to control at least one electro-mechanical device" in 
(Col 3 lines 1-5) [Factory automation device is a device that has sensor and electrically 
powered]. 



Claim Rejections - 35 USC § 103 



26. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Application/Control Number: 10/615,513

Art Unit: 2135

27. Claims 11, 19, and 21 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Baker, in view of Tilton et al, US Publication No. 
20040068562A2, hereinafter "Tilton". 

28. As per claim 11:

Baker discloses "The industrial network of claim 10, wherein the local policy 
comprises: a local access policy configured to require authentication and authorization 
of at least one of an user and an accessing electronic device for non-emergency 
attempts to access the SPIP and an alternate access policy configured to allow access 
to the SPIP" in (Col 5 lines 20-32) 

However, Baker does not disclose "maintain an audit log attendant to a local
attempt to access the SPIP". 

Nevertheless, Tilton discloses "the audit log for network accessing user's 
attempts" in Para 0047. 

Therefore, it would have been obvious at the time the invention was made for
one having ordinary skill in the art to modify Baker's invention to incorporate Tilton's 
teaching of the audit log to keep track of network accessing event and to ensure 
protection to the network. 

29. As per claim 19: 

Baker discloses "The SPIP of claim 18, wherein the authorization module is an interface
to a Lightweight Directory Access Protocol (LDAP) server, and wherein the
authentication module is an interface to a Remote Access Dial In User Service
(RADIUS) server" in (Tilton, Figure 1 #54, Para 0021-22).

30. As per claim 21: 

Baker discloses "The SPIP of claim 15, wherein the local path comprises a virtual 
private network module configured to participate in a virtual private network tunnel 
established on the industrial network." in (Figure 1 #30a, Para 0047) [Private Network]

31. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Linh LD Son whose telephone number is
571-272-3856. The examiner can normally be reached on 9-6 (M-F).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Linh LD Son 